Siggles Posted February 19, 2008 Share Posted February 19, 2008 Hi, a long running prediction competition is going automated this year and I was given the task of doing it. I have used this login system with MySQL http://www.evolt.org/PHP-Login-System-with-Admin-Features and also had lots of help when needed from this wonderful website. Before it goes live live I would like to see if there are any holes. The odd link will not work and the design needs work btw. Thanks for your help and time. Siggles Here it is: http://www.independentmillwall.com/prediction/ Link to comment https://forums.phpfreaks.com/topic/91851-could-you-test-my-prediction-site/ Share on other sites More sharing options...
agentsteal Posted February 19, 2008 Share Posted February 19, 2008 Array: http://www.independentmillwall.com/prediction/userinfo.php?user[] Includes Directory: http://www.independentmillwall.com/prediction/include/ Insecure Cookie: You shouldn't put the username in the cookie. User Enumeration: http://www.independentmillwall.com/~nobody User Enumeration: http://www.independentmillwall.com/~root Link to comment https://forums.phpfreaks.com/topic/91851-could-you-test-my-prediction-site/#findComment-470763 Share on other sites More sharing options...
Recommended Posts